Replies

Ah, the “don’t trust it” (the workaround) is purely because he says he doesn’t trust admins to get it right in large estates… so human error in doing the mitigation, not that the mitigation doesn’t work.

Fair comment, but misleading initial statement. The workaround is fine. Whether you apply it properly in your environment… that’s another thing

geekdom wrote:

Read here for more DNS Server Security Hole information and questions with answers:

https://www.askwoody.com/forums/topic/faq-the-windows-dns-server-security-hole-cve-2020-1350-from-a-normal-users-perspective/

Thanks for the link. I see the “do not trust the workaround”, but it’s without qualification, just a feeling from someone not in Microsoft and without access to the code.

The article recommends installing the patch ASAP if you run a DNS server. As you rightly say, it’s likely these are Domain Controllers. Because of their importance, is it really right to be recommending the install of those patches as opposed to prioritising the simple registry hack that will mitigate it – at least until the patches have received more testing?

Patching seems way more risky when the mitigation is so simple and requires no reboot (just a restart of the DNS service)

Same thing for us. We’ve blocked the store, we get the nvidia control panel thing too.

So.. we have to unblock the store I guess to patch this. However, most of the stuff from the store is on a per user basis, what about this fix? I’ve not seen any mention.

Hi Woody,

I appreciate you taking the time out to reply; and to also confirm my worst suspicions 🙁

2 users thanked author for this post.

Elly, woody

Just to add that the BingSearchEnabled thing has not worked on the 2 machines I’ve got having this issue.

 

They are both 1909, build 18363.628

 

1 user thanked author for this post.

woody